Friend of EH-Net, Josh Wright, has a message, and we also have a really cool offer for anyone who's been thinking of doing his awesome wireless course. Curious? See our Review of SANS' SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses. Hopefully this will also spark conversation on his wireless course and associated GIAC certification, GAWN, in this EH-Net Forum Board dedicated to it. Let the conversation begin!!

A couple months ago I saw some amazing wireless attack demos at Shmoocon that took advantage of weak cryptography, weak authentication, and implementation and design flaws. The lesson I took away from the event was that wireless attacks have changed, but they aren't slowing down. We are seeing more and more tools to exploit wireless technologies, including WiFi, Bluetooth, ZigBee, IEEE 802.15.4, cellular networks, and proprietary systems. If you want to protect your data and wireless networks it is critical that you understand the technology, threats, exploits, and defense techniques for wireless systems. SANS' SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses (https://www.sans.org/info/71593) will help you gain that understanding. Keep reading if you'd like to learn more about this course and how to get a free MetaGeek Wi-Spy DBx spectrum analyzer ($599 retail value).

As the author of SEC617, I am continuously updating the course. Each update adds coverage of emerging attack tools and new trends, such as the Ubertooth Bluetooth attack hardware and the KillerBee framework for exploiting ZigBee networks. Even WiFi networks, thought to be secure by many organizations, are now known to be susceptible to VeriSign-approved RADIUS servers and a number of client-side exploits. I also cover advanced techniques in SEC617, such as "bridging the airgap" (leveraging remote Windows Vista/7 and OS X compromised clients to exploit internal wireless networks).

Beginning April 19th I'll be teaching SEC617 on vLive!, SANS' live, online training platform. This is one of my favorite teaching methods; students receive all the benefits of a conference event (live instructor, live demos, lab exercises, detailed Q&A), but the course is taught in smaller blocks, giving students more time to digest and process the material. Students also receive recordings of each session that can be replayed to reinforce topics or catch up on a missed session. The class will be meeting two evenings a week over a six week period. You can register at https://www.sans.org/info/71593.

As a special bonus for students in this class, SANS vLive! is giving away a FREE Wi-Spy DBx ($599 retail value) to students who enter promo code WISPY_EH! I am very excited about this offer because MetaGeek's Wi-Spy DBx gives you much-needed visibility into the behavior of the RF spectrum. I use my Wi-Spy DBx for identifying unauthorized transmitters, interfering devices, and any number of attacks against the wireless network. Moreover, it is incredibly useful as a network troubleshooting and WLAN design tool to help you optimize the configuration of AP's at 2.4 and 5 GHz. If you work with wireless networks, you should have a Wi-Spy DBx. Just remember to enter promo code WISPY_EH when you register!

If you or your organization uses wireless technology in any form, you will benefit from SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses. Join me online starting April 19th and have fun while learning the tools and techniques for assessing, manipulating and exploiting wireless systems.

Mati and the crew at OffSec are very good, and I highly recommend their network pen testing courses. But the wireless course isn't quite up-to-date.

Josh is a noted expert in the field, wrote & constantly updates the SANS course, works as a wireless pen tester, does wireless research, writes wireless tools, is a co-author of the Hacking Exposed Wireless book... in a nutshell, he's the wireless man! Add in the fact that he is the instructor, and you have a great course.

To be fair, the drawback is cost. The SANS course is more expensive, but it is well worth it for the extra stuff you get. And if you do the vLive! course, you don't get to play mini-golf with Josh.